openssl-verification-options.1 - OpenGrok cross reference for /freebsd/secure/usr.bin/openssl/man/openssl-verification-options.1

Lines Matching full:trust
94 .SS "Trust Anchors"
95 .IX Subsection "Trust Anchors"
96 In general, according to RFC 4158 and RFC 5280, a \fItrust anchor\fR is
101 In practice, trust anchors are given in the form of certificates,
107 is used for matching trust anchors during chain building.
109 In the most simple and common case, trust anchors are by default
110 all self-signed "root" CA certificates that are placed in the \fItrust store\fR,
112 This is akin to what is used in the trust stores of Mozilla Firefox,
115 From the OpenSSL perspective, a trust anchor is a certificate
117 uses of a target certificate the certificate may serve as a trust anchor.
119 Such a designation provides a set of positive trust attributes
120 explicitly stating trust for the listed purposes
121 and/or a set of negative trust attributes
136 is considered a trust anchor for the given use
139 It is an an element of the trust store.
141 It does not have a negative trust attribute rejecting the given use.
143 It has a positive trust attribute accepting the given use
150 and ending in a trust anchor.
161 In this case it must fully match a trust anchor, otherwise chain building fails.
177 The lookup first searches for issuer certificates in the trust store.
200 The third step is to check the trust settings on the last certificate
204 with no trust attributes is considered to be valid for all uses.
225 that can be used as trust anchors for certain uses.
226 As mentioned, a collection of such certificates is called a \fItrust store\fR.
228 Note that OpenSSL does not provide a default set of trust anchors.  Many
230 to that.  Mozilla maintains an influential trust store that can be found at
233 The certificates to add to the trust store
239 PEM-encoded certificates may also have trust attributes set.
246 i.e., a trust store.
370 (because it has no matching positive trust attributes and is not self-signed)
371 but is an element of the trust store.
397 Each of them qualifies as trusted if has a suitable positive trust attribute
401 only certificates specified using the \fB\-trusted\fR option are trust anchors.
408 construct a certificate chain from the target certificate to a trust anchor.
450 end-entity certificate nor the trust-anchor certificate count against the
469 These mimic the combinations of purpose and trust settings used in SSL/(D)TLS,
472 The verification parameters include the trust model, various flags that can
476 The trust model determines which auxiliary trust or reject OIDs are applicable
561 Moreover, it does these checks even for trust anchor certificates.